XSS vulnerabilities

A scan was run on our blogs site, and it showed several XSS vulnerabilities (unsanitized GET variables). I can’t find anything in the WordPress (3.2.1) core that would allow this, so I suspect it’s a theme issue.

Here are some examples:

15. Vulnerable (High, HARM: 320) at: http://blogs.*****.***/management/?paged=3&CENZIC_DUMMY_PARAM

Message:

Cross-site scripting vulnerability found

Injected item: GET: CENZIC_DUMMY_PARAM

Injection value: --><script>alert(13180346.47567)</script>

Detection value: 13180346.47567

This is a reflected XSS vulnerability, detected in an alert that was an immediate response to the injection.

Cross-Site Scripting

16. Vulnerable (High, HARM: 320) at: http://blogs.*****.***/management/?paged=3

Message:

Cross-site scripting vulnerability found

Injected item: GET: paged

Injection value: --><script>alert(13180346.47577)</script>

Detection value: 13180346.47577

This is a reflected XSS vulnerability, detected in an alert that was an immediate response to the injection.

Cross-Site Scripting
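
To trace a finding like these back to the template that echoes the input, one approach is to save the response the scanner flagged and check where the injection value comes back and how it was encoded. The following is an added example, not part of the original post or the scanner's report; the response body is constructed and `classify_reflections` is a hypothetical helper name.

```python
import html
from urllib.parse import quote

# Injection and detection values as in finding 15, with the HTML comment
# terminator written as ASCII "-->".
MARKER = "13180346.47567"
INJECTION = "--><script>alert(" + MARKER + ")</script>"

# Constructed response body (not from the scanned site): a hypothetical theme
# echoes the query string three times, each with different output handling.
SAMPLE_BODY = """<html><head>
<link rel="canonical" href="/management/?paged=3&amp;--%3E%3Cscript%3Ealert%2813180346.47567%29%3C/script%3E">
</head><body>
<!-- cached /management/?paged=3&--><script>alert(13180346.47567)</script> -->
<a href="/management/?paged=4&amp;--&gt;&lt;script&gt;alert(13180346.47567)&lt;/script&gt;">Older posts</a>
</body></html>"""


def classify_reflections(body, injection, marker):
    """Return (line_number, verdict) for every line that contains the marker.

    "raw"          : injection came back byte-for-byte, so markup is live
    "html-escaped" : <, >, &, quotes were converted to entities
    "url-encoded"  : percent-encoded, as inside a properly built URL
    "other"        : marker present, but in a form not recognised here
    """
    forms = [
        ("raw", injection),
        ("html-escaped", html.escape(injection, quote=True)),
        ("url-encoded", quote(injection)),
    ]
    results = []
    for number, line in enumerate(body.splitlines(), start=1):
        if marker not in line:
            continue
        verdict = next((name for name, form in forms if form in line), "other")
        results.append((number, verdict))
    return results


if __name__ == "__main__":
    for number, verdict in classify_reflections(SAMPLE_BODY, INJECTION, MARKER):
        print(f"line {number}: {verdict}")
```

Lines reported as raw are the output that needs escaping; searching the theme's template files for the static text around them (here the comment prefix) shows which file produces it.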